Skip to main content
Article thumbnail
Location of Repository

Abstract The Kerf toolkit for intrusion analysis

By Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Daniela Rus and Brett Tofel

Abstract

We consider the problem of intrusion analysis and present the Kerf Toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf Toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf, present examples to demonstrate the power of our query language, and discuss the performance of our implementation of this system.

Year: 2008
OAI identifier: oai:CiteSeerX.psu:10.1.1.134.2923
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://www.cs.dartmouth.edu/~d... (external link)
  • Suggested articles


    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.